Latest Activity

JSR-370: Even Better JAX-RS on the way
1 day ago

By Sergey Beryozkin
No doubt JAX-RS 2.0 (JSR-339) has been, is and will be a success - a lot has been written  about the top features JAX-RS 2.0 offers. It is still very much a relevant story for many developers who have their REST services being migrated to JAX-RS 2.0, it is not always easy for a given production to switch to a new specification's API fast.

But JAX-RS 2.0 is not the end of JAX-RS as such. So the fact JSR-370 (JAX-RS 2.1) is now active is a very ...
Continue reading →

Two new security advisories for Apache CXF
6 days ago

By Colm O hEigeartaigh
Two new security advisories have been released for Apache CXF, please see the CXF security advisories page for the details:
  • CVE-2014-3623: Apache CXF does not properly enforce the security semantics of SAML SubjectConfirmation methods when used with the TransportBinding
  • CVE-2014-3584: Apache CXF JAX-RS SAML handling is vulnerable to a Denial of Service (DoS) attack
If you are using SAML SSO or else SAML tokens with the WS-SecurityPolicy Transport ...
Continue reading →

Apache CXF Authentication and Authorization test-cases IV
1 week ago

By Colm O hEigeartaigh
This is the fourth in a series of posts on authentication and authorization test-cases for web services using Apache CXF. The first focused on different ways to authenticate and authorize UsernameTokens for JAX-WS services. The second looked at more advanced examples such as using Kerberos, WS-Trust, XACML, etc. The third looked at different ways of achieving SSO in CXF for both JAX-WS and JAX-RS services. This post gives some examples of ...
Continue reading →

Apache CXF Fediz 1.1.2 released
1 week ago

By Colm O hEigeartaigh
Apache CXF Fediz 1.1.2 has been released. Apache CXF Fediz is a Single Sign-On (SSO) solution based on the WS-Federation Passive Requestor Profile. It consists of an Identity Provider (IdP) which leverages the Apache CXF STS to issue tokens, as well as a number of container-specific plugins (Jetty, Tomcat, Spring, etc.) to enable SSO for web applications. The issues fixed in the new release include an upgrade to CXF 2.7.13, support for claims mapping ...
Continue reading →

Kerberos Credential Delegation support in Apache CXF
1 week ago

By Colm O hEigeartaigh
Apache CXF provides full support for integrating Kerberos with JAX-WS and JAX-RS services. A previous tutorial (here and here) described how to set up Kerberos with WS-Security in CXF, where the client obtains a Kerberos service ticket and encodes it in the security header of the request, and where it is validated in turn by the service. In this post we will discuss support for kerberos credential delegation for JAX-WS clients and services in Apache ...
Continue reading →

CXF becomes friends with Tika and Lucene
2 weeks ago

By Sergey Beryozkin
You may have been thinking for a while: would it actually be cool to get some experience with Apache Lucene and Apache Tika and enhance the JAX-RS services you work upon along the way ? Lucene and Tika are those cool projects people are talking about but as it happens there has never been an opportunity to use them in your project...

Apache Lucene is a well known project where its community keeps innovating with improving and optimizing the ...
Continue reading →

Using JAAS with Apache CXF
2 weeks ago

By Colm O hEigeartaigh
Apache CXF supports a wide range of tokens for authentication (SAML, UsernameTokens, Kerberos, etc.), and also offers different ways of authenticating these tokens. A standard way of authenticating a received token is to use a JAAS LoginModule. This article will cover some of the different ways you can configure JAAS in CXF, and some of the JAAS LoginModules that are available.

1) Configuring JAAS in Apache CXF

There are a number of different ways to ...
Continue reading →

New Apache WSS4J releases
3 weeks ago

By Colm O hEigeartaigh
Apache WSS4J 1.6.17 and 2.0.2 have been released. WSS4J 2.0.2 picks up some bug fixes via Apache Santuario and BouncyCastle dependency upgrades, in particular the latter upgrade fixes some Kerberos issues. Both releases contain some changes to how SAML tokens are processed that will be described in a forthcoming blog post.

I also added a new Security Advisories page to the WSS4J website. For the moment it just contains some links and information on ...
Continue reading →

Some recent WS-Trust client topics in Apache CXF
3 weeks ago

By Colm O hEigeartaigh
There are a number of minor new features and changes in recent versions of Apache CXF with respect to the client side of WS-Trust, which will be documented in this post.

1) STSClient configuration

CXF's STSClient is responsible for communicating with a Security Token Service (STS) via the WS-Trust protocol, in order to issue/validate/renew/etc. a security token. To support WS-Trust on the client side in CXF, it is necessary to construct an STSClient ...
Continue reading →

Apache CXF Authentication and Authorization test-cases III
3 weeks ago

By Colm O hEigeartaigh
This is the third in a series of posts on authentication and authorization test-cases for web services using Apache CXF. The first post focused on authenticating and authorizing web service requests that included a username and password (WS-Security UsernameToken and HTTP/BA). The second article looked at more sophisticated ways of performing authentication and authorization, such as using X.509 certificates, using a SecurityTokenService (STS), using ...
Continue reading →

Encrypt ConfigAdmin properties values in Apache Karaf
3 weeks ago

By Jean-Baptiste Onofré
Apache Karaf loads all the configuration from etc/*.cfg files by default, using a mix of Felix FileInstall and Felix ConfigAdmin. These files are regular properties file looking like: Some values may be critical, and so not store in plain text. It could be critical business data (credit card number, etc), or technical data (password to
Continue reading →

Apache Santuario - XML Security for Java 2.0.2 release
1 month ago

By Colm O hEigeartaigh
Apache Santuario - XML Security for Java 2.0.2 has been released. This is a minor release that fixes a couple of bugs with the streaming code and contains a few dependency
Continue reading →

MDC logging with Apache Karaf and Camel
2 months ago

By Jean-Baptiste Onofré
MDC (Mapped Diagnostic Context) logging is an interesting feature to log contextual messages. It’s classic to want to log contextual messages in your application. For instance, we want to log the actions performed by an user (identified by an username or user id). As you have a lot of simultaneous users on your application, it’s
Continue reading →

Testing (utest and itest) Apache Camel Blueprint route
2 months ago

By Jean-Baptiste Onofré
In any integration project, testing is vital for multiple reasons: to guarantee that the integration logic matches the expectations to quickly identify some regression issues to test some special cases, like the errors for instance to validate the succesful provisioning (deployment) on a runtime as close as possible to the target platform We distinguish two
Continue reading →

Apache JMeter to test Apache ActiveMQ on CI with Maven/Jenkins
2 months ago

By Jean-Baptiste Onofré
Apache JMeter is a great tool for testing, especially performance testing. It provides a lot of samplers that you can use to test your web services, web applications, etc. It also includes a couple of samplers for JMS that we can use with ActiveMQ. Preparing JMeter for ActiveMQ For this article, I downloaded JMeter 2.10
Continue reading →

Webex on Ubuntu 14.04
2 months ago

By Jean-Baptiste Onofré
Webex is a great tool but unfortunately, it doesn’t work “out of the box” on Ubuntu 14.04 (and also with previous Ubuntu releases). For instance, the webex applet starts but it doesn’t refresh correctly, or the share of desktop/application doesn’t work. Actually, the issue is due to: some libraries required by webex are missing on
Continue reading →

[OT] Wake Up To CXF Revolution !
2 months ago

By Sergey Beryozkin
It's the end of the summer, still warm outside, and your friends from the Big Data team have millions of millions of records processed per second with Hadoop and give the happy smiles of those who are doing something new and cool. And you have GET, POST, may be PUT, then again GET. Occasional DELETE and if you are really lucky, you've got PATCH in the logs. You are starting wondering, is it really still cool, be a web service  developer, does ...
Continue reading →

Apache Syncope backend with Apache Karaf
2 months ago

By Jean-Baptiste Onofré
Apache Syncope is an identity manager (IdM). It comes with a web console where you can manage users, attributes, roles, etc. It also comes with a REST API allowing to integrate with other applications. By default, Syncope has its own database, but it can also “façade” another backend (LDAP, ActiveDirectory, JDBC) by using ConnId. In
Continue reading →

Learn JOSE and become a better Web Service Developer
2 months ago

By Sergey Beryozkin
The work around OAuth2 and JOSE in particular has inspired me.

So much that I've ordered several books from Amazon.co.uk - and it's been quite a while since the idea of buying a book occurred to me; and several books in the age of Google ? - see, it did inspire me.

Sometimes we the developers think that we know all and if not all then we think we won't need that extra piece of knowledge, being the experts we are. The software engineering is not easy. ...
Continue reading →

JAX-RS is not only about REST
2 months ago

By Sergey Beryozkin
I've been planning to post this 'philosophical' piece for a while.

The JAX-RS specification (Java API for RESTful services) has really got off the ground long time ago. JAX-RS 2.0 with its new brilliant features, with three JAX-RS 2.0 frameworks around (there will possibly be more, we never know), is and will further contribute to the popularity of JAX-RS.

JAX-RS 2.1 work will go ahead  soon enough and it will be another great specification, I've ...
Continue reading →
More Articles (+10)

Pages

Subscribe to Talend Community Coders aggregator